Cyber Resilience

CVE-2025-12487

Critical

Published: 06 November 2025

Published
06 November 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0136 80.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-12487 is a critical-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Zerodayinitiative (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 19.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

Deeper analysis

CVE-2025-12487 affects oobabooga text-generation-webui and stems from improper handling of the trust_remote_code parameter supplied to the join endpoint. The component fails to validate the user-supplied argument before using it to load a model, allowing untrusted inputs to trigger code execution. The vulnerability is tracked as ZDI-CAN-26681 and carries a CVSS 3.0 score of 9.8.

Unauthenticated remote attackers can exploit the flaw over the network to execute arbitrary code in the context of the service account. No user interaction or credentials are required, and the attack succeeds simply by supplying a malicious value for the trust_remote_code parameter when invoking the join endpoint.

The referenced GitHub commit b5a6904c4ac4049823396090360b6f566f4e4603 addresses the issue in the codebase, while the Zero Day Initiative advisory ZDI-25-982 provides coordinated disclosure details for affected deployments.

The associated EPSS score rose from a baseline of 0.0136 to a peak of 0.0284, indicating emerging exploitation interest after public disclosure of this AI/ML-oriented web interface.

EU & UK References

Vulnerability details

oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

more

handling of the trust_remote_code parameter provided to the join endpoint. The issue results from the lack of proper validation of a user-supplied argument before using it to load a model. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26681.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: text-generation-webui

Related Threats

Affected Assets

Zerodayinitiative
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-807

Prevents reliance on untrusted matching results for security-relevant decisions by enforcing verification and contest procedures.

addresses: CWE-807

Providing authoritative attributes with the data reduces the need for security decisions to rely on untrusted external inputs.

addresses: CWE-807

Reduces reliance on untrusted inputs by ensuring only authorized sources may supply data.

References